2.16+ questions surrounding enforced config

Help
Craig
2012-10-10
2012-11-19
  • Craig

    Craig - 2012-10-10

    1)  When using enforced configuration via a network, how do you tell it to remember the last opened database file?  The following placed in the enforced file does not seem to work.  It doesn't seem to see the placeholders.
    <LastUsedFile>
         <Path>C:\Documents and Settings\{USERNAME}\My Documents\{USERNAME}.kdbx</Path>
    </LastUsedFile>

    2) If the above can be made to work - is there a way to use the enforced method without the network, i.e. with each workstation copy of KeePass installed locally for 1 or more users of the same machine?
    Thanks

     
  • wellread1

    wellread1 - 2012-10-11

    I suspect that Open Last File must also be true

    <Start>
    <OpenLastFile>true</OpenLastFile>
    </Start>

    -wellread1

     
  • Dominik Reichl

    Dominik Reichl - 2012-10-11

    1) Placeholders cannot be used in this configuration key. As you apparently want each user to have his own database, it would be a good idea anyway to leave the file's location up to the user? By default, KeePass suggests the 'My Documents' folder as location (and the 'OpenLastFile' setting is true by default, too).

    2) A locally installed KeePass can be used by multiple users, yes. For example, when you use the installer (KeePass-X.YY-Setup.exe), all users can use it (KeePass saves its configuration for each user in his personal application data folder). Details can be found on http://keepass.info/help/base/configuration.html

    Best regards
    Dominik

     
  • Craig

    Craig - 2012-10-11

    Thanks for the replies!
    Yes, we would like each user to have their own DB, and each time they log in it would be nice if it would pull up the last DB used automatically.  As it is now, on the network install KeePass comes up with no DB and we must open it.

    1)  Network:  OpenLastFile was set to true.  We are using the installer, XP, KeePass 2.16 and above.
    Using the enforced file, <Path/>, and OpenLastFile = True, and PreferUserConfiguration=false.  1st time into KeePass I have to do new DB and it takes it fine, asking if I want to save it.  I say yes and exit KeePass.  Then I go back into KeePass and I have to tell it to open the DB - it does not remember.  Is that a permissions thing - the enforced file is Read Execute and Read only. On the local machine, the C:\Documents and Settings\user\Application Data\KeePass\KeePass.config.xml file has the correct PATH and OpenLastFile=true and PreferUserConfiguration=false, but it still does NOT prompt for a password to the DB and open it.  I must tell it to open.  What am I missing?

    2)  Local:  Ideally we would like to install locally, but we do need to enforce several settings (not all settings).  So I created a Keepass.config.enforced.xml in the same folder as keepass.exe with just the few items we wanted to enforce.  When I try that, it doesn't seem to look at C:\Documents and Settings\user\Application Data\KeePass\KeePass.config.xml.
    For my test I installed KeePass 2.16 and then ran it.  It came up and I created a new DB and saved it.  Then I ran KeePass again and it prompted for my password as expected and put me into the DB - perfect.  Then I created a keepass.config.enforced.xml file with just the items we wanted to change and put it in the folder with keepass.exe.  Like:
    <?xml version="1.0" encoding="utf-8"?>
    <Configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <Meta>
            <PreferUserConfiguration>false</PreferUserConfiguration>
        </Meta>
        <Application>
            <Start>
                <CheckForUpdate>false</CheckForUpdate>
                <CheckForUpdateConfigured>true</CheckForUpdateConfigured>
            </Start>
            <FileClosing>
                <AutoSave>true</AutoSave>
            </FileClosing>
        </Application>
        <MainWindow>
            <MinimizeAfterLocking>false</MinimizeAfterLocking>
        </MainWindow>
        <UI>
            <UIFlags>15</UIFlags>
        </UI>
        <Security>
            <WorkspaceLocking>
                <LockOnSessionSwitch>true</LockOnSessionSwitch>
                <LockOnSuspend>true</LockOnSuspend>
                <LockOnRemoteControlChange>true</LockOnRemoteControlChange>
                <LockAfterTime>1800</LockAfterTime>
                <LockAfterGlobalTime>660</LockAfterGlobalTime>
                <ExitInsteadOfLockingAfterTime>true</ExitInsteadOfLockingAfterTime>
                <AlwaysExitInsteadOfLocking>true</AlwaysExitInsteadOfLocking>
            </WorkspaceLocking>
            <Policy>
                <Plugins>false</Plugins>
                <ExportNoKey>false</ExportNoKey>
                <PrintNoKey>false</PrintNoKey>
                <ChangeMasterKeyNoKey>false</ChangeMasterKeyNoKey>
                <EditTriggers>false</EditTriggers>
            </Policy>
            <MasterPassword>
                <MinimumLength>8</MinimumLength>
                <MinimumQuality>32</MinimumQuality>
            </MasterPassword>
        </Security>
    </Configuration>
    Then I ran KeePass again.  It comes up prompting for a DB as expected, showing my enforced changes.
    It added to C:\Program Files\KeePass Password Safe 2\keepass.config.xml, including my enforced changes.  So far so good.
    I logged off that user and logged on a 2nd user on the same machine and ran KeePass.
    It prompted for a pw but for the 1st user (our users won't catch that until they realize they don't have the password or try and fail).  I selected cancel and it put me into KeePass empty so I could do new for a new DB.
    I did new and created a DB for the 2nd user and it did my autosave as per the enforced changes - good.
    Ran KeePass again and it prompted for the 2nd user as expected - good.

    So I assume it uses the file C:\Program Files\KeePass Password Safe 2\keepass.config.xml to remember the last DB since it can't write to the enforced file, but that config file then becomes global for all users apparently.
    Why doesn't it use the file C:\Documents and Settings\user\Application Data\KeePass\KeePass.config.xml?  It did not even create the App Data file for the 2nd user (I assume because it is thinking global config now)? It seems like it might be nice if, when the enforced file exists, it would use what was in it, but if something was not in enforced it could then use what it found in the local file to keep users separate.  If the user did not have a local file it would open empty so the user could create a new DB.  Is there a way to make that work?  Thanks.

     
  • Dominik Reichl

    Dominik Reichl - 2012-10-11

    The KeePass.config.xml in the KeePass application folder (in the program files directory) must not be modified. It should look like the following (which is what the KeePass-X.YY-Setup.exe installer creates):

    <?xml version="1.0" encoding="utf-8"?>
    <Configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <Meta>
            <PreferUserConfiguration>true</PreferUserConfiguration>
        </Meta>
    </Configuration>
    

    Furthermore, in the enforced configuration file KeePass.config.enforced.xml you should set PreferUserConfiguration to true, too. The settings listed in this file are still enforced, and all others can be configured by the user (which enables remembering and opening the last database).

    Best regards
    Dominik

     
  • Dominik Reichl

    Dominik Reichl - 2012-10-11

    Also, do not enforce <Path/> (this would clear the path each time KeePass starts).

     
  • Dominik Reichl

    Dominik Reichl - 2012-10-11

    The forum broke my XML listing by inserting extra ';' characters. Either remove them or simply copy the file KeePass.config.xml from the 'Ext' folder in the KeePass-2.20.1-Source.zip package.
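
A small checker for the two mistakes identified in this thread: PreferUserConfiguration left at false in the enforced file, and an enforced LastUsedFile path. This is an added example, not part of the original posts and not KeePass code; the function name, the messages and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two problems discussed in the thread, in one file.
SAMPLE_BEFORE = r"""<Configuration>
  <Meta><PreferUserConfiguration>false</PreferUserConfiguration></Meta>
  <LastUsedFile>
    <Path>C:\Documents and Settings\{USERNAME}\My Documents\{USERNAME}.kdbx</Path>
  </LastUsedFile>
  <Security><Policy><Plugins>false</Plugins></Policy></Security>
</Configuration>"""

# Constructed sample: same policy, following the advice given in the replies.
SAMPLE_AFTER = r"""<Configuration>
  <Meta><PreferUserConfiguration>true</PreferUserConfiguration></Meta>
  <Security><Policy><Plugins>false</Plugins></Policy></Security>
</Configuration>"""


def lint_enforced_config(xml_text):
    """Return findings for the text of a KeePass.config.enforced.xml file."""
    root = ET.fromstring(xml_text)
    findings = []

    prefer = root.findtext("Meta/PreferUserConfiguration")
    if prefer is None or prefer.strip().lower() != "true":
        findings.append("PreferUserConfiguration is not true; the thread's "
                        "advice is to set it to true in the enforced file too")

    # Assumption: match <LastUsedFile> wherever it sits in the tree, since the
    # thread shows the key without its parent element.
    for last_used in root.iter("LastUsedFile"):
        path = last_used.find("Path")
        if path is None:
            continue
        value = (path.text or "").strip()
        if not value:
            findings.append("empty <Path/> is enforced; this clears the "
                            "last-used path each time KeePass starts")
        elif "{" in value and "}" in value:
            findings.append("<Path> contains a placeholder; placeholders "
                            "cannot be used in this configuration key")
        else:
            findings.append("<Path> is enforced; the user's own last-used "
                            "file is overridden")
    return findings


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, lint_enforced_config(text) or "no findings")
```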

     